1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * linux/fs/binfmt_elf.c 4 * 5 * These are the functions used to load ELF format executables as used 6 * on SVr4 machines. Information on the format may be found in the book 7 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support 8 * Tools". 9 * 10 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com). 11 */ 12 13 #include <linux/module.h> 14 #include <linux/kernel.h> 15 #include <linux/fs.h> 16 #include <linux/log2.h> 17 #include <linux/mm.h> 18 #include <linux/mman.h> 19 #include <linux/errno.h> 20 #include <linux/signal.h> 21 #include <linux/binfmts.h> 22 #include <linux/string.h> 23 #include <linux/file.h> 24 #include <linux/slab.h> 25 #include <linux/personality.h> 26 #include <linux/elfcore.h> 27 #include <linux/init.h> 28 #include <linux/highuid.h> 29 #include <linux/compiler.h> 30 #include <linux/highmem.h> 31 #include <linux/hugetlb.h> 32 #include <linux/pagemap.h> 33 #include <linux/vmalloc.h> 34 #include <linux/security.h> 35 #include <linux/random.h> 36 #include <linux/elf.h> 37 #include <linux/elf-randomize.h> 38 #include <linux/utsname.h> 39 #include <linux/coredump.h> 40 #include <linux/sched.h> 41 #include <linux/sched/coredump.h> 42 #include <linux/sched/task_stack.h> 43 #include <linux/sched/cputime.h> 44 #include <linux/sizes.h> 45 #include <linux/types.h> 46 #include <linux/cred.h> 47 #include <linux/dax.h> 48 #include <linux/uaccess.h> 49 #include <linux/rseq.h> 50 #include <asm/param.h> 51 #include <asm/page.h> 52 53 #ifndef ELF_COMPAT 54 #define ELF_COMPAT 0 55 #endif 56 57 #ifndef user_long_t 58 #define user_long_t long 59 #endif 60 #ifndef user_siginfo_t 61 #define user_siginfo_t siginfo_t 62 #endif 63 64 /* That's for binfmt_elf_fdpic to deal with */ 65 #ifndef elf_check_fdpic 66 #define elf_check_fdpic(ex) false 67 #endif 68 69 static int load_elf_binary(struct linux_binprm *bprm); 70 71 #ifdef CONFIG_USELIB 72 static int load_elf_library(struct file *); 73 #else 74 #define load_elf_library NULL 75 #endif 76 77 /* 78 * If we don't support core dumping, then supply a NULL so we 79 * don't even try. 80 */ 81 #ifdef CONFIG_ELF_CORE 82 static int elf_core_dump(struct coredump_params *cprm); 83 #else 84 #define elf_core_dump NULL 85 #endif 86 87 #if ELF_EXEC_PAGESIZE > PAGE_SIZE 88 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE 89 #else 90 #define ELF_MIN_ALIGN PAGE_SIZE 91 #endif 92 93 #ifndef ELF_CORE_EFLAGS 94 #define ELF_CORE_EFLAGS 0 95 #endif 96 97 #define ELF_PAGESTART(_v) ((_v) & ~(int)(ELF_MIN_ALIGN-1)) 98 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1)) 99 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1)) 100 101 static struct linux_binfmt elf_format = { 102 .module = THIS_MODULE, 103 .load_binary = load_elf_binary, 104 .load_shlib = load_elf_library, 105 #ifdef CONFIG_COREDUMP 106 .core_dump = elf_core_dump, 107 .min_coredump = ELF_EXEC_PAGESIZE, 108 #endif 109 }; 110 111 #define BAD_ADDR(x) (unlikely((unsigned long)(x) >= TASK_SIZE)) 112 113 static int set_brk(unsigned long start, unsigned long end, int prot) 114 { 115 start = ELF_PAGEALIGN(start); 116 end = ELF_PAGEALIGN(end); 117 if (end > start) { 118 /* 119 * Map the last of the bss segment. 120 * If the header is requesting these pages to be 121 * executable, honour that (ppc32 needs this). 122 */ 123 int error = vm_brk_flags(start, end - start, 124 prot & PROT_EXEC ? 
VM_EXEC : 0); 125 if (error) 126 return error; 127 } 128 current->mm->start_brk = current->mm->brk = end; 129 return 0; 130 } 131 132 /* We need to explicitly zero any fractional pages 133 after the data section (i.e. bss). This would 134 contain the junk from the file that should not 135 be in memory 136 */ 137 static int padzero(unsigned long elf_bss) 138 { 139 unsigned long nbyte; 140 141 nbyte = ELF_PAGEOFFSET(elf_bss); 142 if (nbyte) { 143 nbyte = ELF_MIN_ALIGN - nbyte; 144 if (clear_user((void __user *) elf_bss, nbyte)) 145 return -EFAULT; 146 } 147 return 0; 148 } 149 150 /* Let's use some macros to make this stack manipulation a little clearer */ 151 #ifdef CONFIG_STACK_GROWSUP 152 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items)) 153 #define STACK_ROUND(sp, items) \ 154 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL) 155 #define STACK_ALLOC(sp, len) ({ \ 156 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \ 157 old_sp; }) 158 #else 159 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items)) 160 #define STACK_ROUND(sp, items) \ 161 (((unsigned long) (sp - items)) &~ 15UL) 162 #define STACK_ALLOC(sp, len) (sp -= len) 163 #endif 164 165 #ifndef ELF_BASE_PLATFORM 166 /* 167 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture. 168 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value 169 * will be copied to the user stack in the same manner as AT_PLATFORM. 170 */ 171 #define ELF_BASE_PLATFORM NULL 172 #endif 173 174 static int 175 create_elf_tables(struct linux_binprm *bprm, const struct elfhdr *exec, 176 unsigned long interp_load_addr, 177 unsigned long e_entry, unsigned long phdr_addr) 178 { 179 struct mm_struct *mm = current->mm; 180 unsigned long p = bprm->p; 181 int argc = bprm->argc; 182 int envc = bprm->envc; 183 elf_addr_t __user *sp; 184 elf_addr_t __user *u_platform; 185 elf_addr_t __user *u_base_platform; 186 elf_addr_t __user *u_rand_bytes; 187 const char *k_platform = ELF_PLATFORM; 188 const char *k_base_platform = ELF_BASE_PLATFORM; 189 unsigned char k_rand_bytes[16]; 190 int items; 191 elf_addr_t *elf_info; 192 elf_addr_t flags = 0; 193 int ei_index; 194 const struct cred *cred = current_cred(); 195 struct vm_area_struct *vma; 196 197 /* 198 * In some cases (e.g. Hyper-Threading), we want to avoid L1 199 * evictions by the processes running on the same package. One 200 * thing we can do is to shuffle the initial stack for them. 201 */ 202 203 p = arch_align_stack(p); 204 205 /* 206 * If this architecture has a platform capability string, copy it 207 * to userspace. In some cases (Sparc), this info is impossible 208 * for userspace to get any other way, in others (i386) it is 209 * merely difficult. 210 */ 211 u_platform = NULL; 212 if (k_platform) { 213 size_t len = strlen(k_platform) + 1; 214 215 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len); 216 if (copy_to_user(u_platform, k_platform, len)) 217 return -EFAULT; 218 } 219 220 /* 221 * If this architecture has a "base" platform capability 222 * string, copy it to userspace. 223 */ 224 u_base_platform = NULL; 225 if (k_base_platform) { 226 size_t len = strlen(k_base_platform) + 1; 227 228 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len); 229 if (copy_to_user(u_base_platform, k_base_platform, len)) 230 return -EFAULT; 231 } 232 233 /* 234 * Generate 16 random bytes for userspace PRNG seeding. 
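	 * The address of these bytes is passed to the new program via the
	 * AT_RANDOM auxv entry created below; C libraries typically use
	 * them to seed the stack canary and pointer-mangling guards.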
235 */ 236 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes)); 237 u_rand_bytes = (elf_addr_t __user *) 238 STACK_ALLOC(p, sizeof(k_rand_bytes)); 239 if (copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes))) 240 return -EFAULT; 241 242 /* Create the ELF interpreter info */ 243 elf_info = (elf_addr_t *)mm->saved_auxv; 244 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */ 245 #define NEW_AUX_ENT(id, val) \ 246 do { \ 247 *elf_info++ = id; \ 248 *elf_info++ = val; \ 249 } while (0) 250 251 #ifdef ARCH_DLINFO 252 /* 253 * ARCH_DLINFO must come first so PPC can do its special alignment of 254 * AUXV. 255 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in 256 * ARCH_DLINFO changes 257 */ 258 ARCH_DLINFO; 259 #endif 260 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP); 261 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE); 262 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC); 263 NEW_AUX_ENT(AT_PHDR, phdr_addr); 264 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr)); 265 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum); 266 NEW_AUX_ENT(AT_BASE, interp_load_addr); 267 if (bprm->interp_flags & BINPRM_FLAGS_PRESERVE_ARGV0) 268 flags |= AT_FLAGS_PRESERVE_ARGV0; 269 NEW_AUX_ENT(AT_FLAGS, flags); 270 NEW_AUX_ENT(AT_ENTRY, e_entry); 271 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid)); 272 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid)); 273 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid)); 274 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid)); 275 NEW_AUX_ENT(AT_SECURE, bprm->secureexec); 276 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes); 277 #ifdef ELF_HWCAP2 278 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2); 279 #endif 280 NEW_AUX_ENT(AT_EXECFN, bprm->exec); 281 if (k_platform) { 282 NEW_AUX_ENT(AT_PLATFORM, 283 (elf_addr_t)(unsigned long)u_platform); 284 } 285 if (k_base_platform) { 286 NEW_AUX_ENT(AT_BASE_PLATFORM, 287 (elf_addr_t)(unsigned long)u_base_platform); 288 } 289 if (bprm->have_execfd) { 290 NEW_AUX_ENT(AT_EXECFD, bprm->execfd); 291 } 292 #ifdef CONFIG_RSEQ 293 NEW_AUX_ENT(AT_RSEQ_FEATURE_SIZE, offsetof(struct rseq, end)); 294 NEW_AUX_ENT(AT_RSEQ_ALIGN, __alignof__(struct rseq)); 295 #endif 296 #undef NEW_AUX_ENT 297 /* AT_NULL is zero; clear the rest too */ 298 memset(elf_info, 0, (char *)mm->saved_auxv + 299 sizeof(mm->saved_auxv) - (char *)elf_info); 300 301 /* And advance past the AT_NULL entry. */ 302 elf_info += 2; 303 304 ei_index = elf_info - (elf_addr_t *)mm->saved_auxv; 305 sp = STACK_ADD(p, ei_index); 306 307 items = (argc + 1) + (envc + 1) + 1; 308 bprm->p = STACK_ROUND(sp, items); 309 310 /* Point sp at the lowest address on the stack */ 311 #ifdef CONFIG_STACK_GROWSUP 312 sp = (elf_addr_t __user *)bprm->p - items - ei_index; 313 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */ 314 #else 315 sp = (elf_addr_t __user *)bprm->p; 316 #endif 317 318 319 /* 320 * Grow the stack manually; some architectures have a limit on how 321 * far ahead a user-space access may be in order to grow the stack. 322 */ 323 if (mmap_write_lock_killable(mm)) 324 return -EINTR; 325 vma = find_extend_vma_locked(mm, bprm->p); 326 mmap_write_unlock(mm); 327 if (!vma) 328 return -EFAULT; 329 330 /* Now, let's put argc (and argv, envp if appropriate) on the stack */ 331 if (put_user(argc, sp++)) 332 return -EFAULT; 333 334 /* Populate list of argv pointers back to argv strings. 
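	 * The argument and environment strings themselves were already
	 * copied to the top of the new stack during earlier exec setup
	 * (copy_strings()); here we only walk those strings and record
	 * their user addresses.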
*/ 335 p = mm->arg_end = mm->arg_start; 336 while (argc-- > 0) { 337 size_t len; 338 if (put_user((elf_addr_t)p, sp++)) 339 return -EFAULT; 340 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN); 341 if (!len || len > MAX_ARG_STRLEN) 342 return -EINVAL; 343 p += len; 344 } 345 if (put_user(0, sp++)) 346 return -EFAULT; 347 mm->arg_end = p; 348 349 /* Populate list of envp pointers back to envp strings. */ 350 mm->env_end = mm->env_start = p; 351 while (envc-- > 0) { 352 size_t len; 353 if (put_user((elf_addr_t)p, sp++)) 354 return -EFAULT; 355 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN); 356 if (!len || len > MAX_ARG_STRLEN) 357 return -EINVAL; 358 p += len; 359 } 360 if (put_user(0, sp++)) 361 return -EFAULT; 362 mm->env_end = p; 363 364 /* Put the elf_info on the stack in the right place. */ 365 if (copy_to_user(sp, mm->saved_auxv, ei_index * sizeof(elf_addr_t))) 366 return -EFAULT; 367 return 0; 368 } 369 370 static unsigned long elf_map(struct file *filep, unsigned long addr, 371 const struct elf_phdr *eppnt, int prot, int type, 372 unsigned long total_size) 373 { 374 unsigned long map_addr; 375 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr); 376 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr); 377 addr = ELF_PAGESTART(addr); 378 size = ELF_PAGEALIGN(size); 379 380 /* mmap() will return -EINVAL if given a zero size, but a 381 * segment with zero filesize is perfectly valid */ 382 if (!size) 383 return addr; 384 385 /* 386 * total_size is the size of the ELF (interpreter) image. 387 * The _first_ mmap needs to know the full size, otherwise 388 * randomization might put this image into an overlapping 389 * position with the ELF binary image. (since size < total_size) 390 * So we first map the 'big' image - and unmap the remainder at 391 * the end. (which unmap is needed for ELF images with holes.) 392 */ 393 if (total_size) { 394 total_size = ELF_PAGEALIGN(total_size); 395 map_addr = vm_mmap(filep, addr, total_size, prot, type, off); 396 if (!BAD_ADDR(map_addr)) 397 vm_munmap(map_addr+size, total_size-size); 398 } else 399 map_addr = vm_mmap(filep, addr, size, prot, type, off); 400 401 if ((type & MAP_FIXED_NOREPLACE) && 402 PTR_ERR((void *)map_addr) == -EEXIST) 403 pr_info("%d (%s): Uhuuh, elf segment at %px requested but the memory is mapped already\n", 404 task_pid_nr(current), current->comm, (void *)addr); 405 406 return(map_addr); 407 } 408 409 static unsigned long total_mapping_size(const struct elf_phdr *phdr, int nr) 410 { 411 elf_addr_t min_addr = -1; 412 elf_addr_t max_addr = 0; 413 bool pt_load = false; 414 int i; 415 416 for (i = 0; i < nr; i++) { 417 if (phdr[i].p_type == PT_LOAD) { 418 min_addr = min(min_addr, ELF_PAGESTART(phdr[i].p_vaddr)); 419 max_addr = max(max_addr, phdr[i].p_vaddr + phdr[i].p_memsz); 420 pt_load = true; 421 } 422 } 423 return pt_load ? (max_addr - min_addr) : 0; 424 } 425 426 static int elf_read(struct file *file, void *buf, size_t len, loff_t pos) 427 { 428 ssize_t rv; 429 430 rv = kernel_read(file, buf, len, &pos); 431 if (unlikely(rv != len)) { 432 return (rv < 0) ? 
rv : -EIO; 433 } 434 return 0; 435 } 436 437 static unsigned long maximum_alignment(struct elf_phdr *cmds, int nr) 438 { 439 unsigned long alignment = 0; 440 int i; 441 442 for (i = 0; i < nr; i++) { 443 if (cmds[i].p_type == PT_LOAD) { 444 unsigned long p_align = cmds[i].p_align; 445 446 /* skip non-power of two alignments as invalid */ 447 if (!is_power_of_2(p_align)) 448 continue; 449 alignment = max(alignment, p_align); 450 } 451 } 452 453 /* ensure we align to at least one page */ 454 return ELF_PAGEALIGN(alignment); 455 } 456 457 /** 458 * load_elf_phdrs() - load ELF program headers 459 * @elf_ex: ELF header of the binary whose program headers should be loaded 460 * @elf_file: the opened ELF binary file 461 * 462 * Loads ELF program headers from the binary file elf_file, which has the ELF 463 * header pointed to by elf_ex, into a newly allocated array. The caller is 464 * responsible for freeing the allocated data. Returns NULL upon failure. 465 */ 466 static struct elf_phdr *load_elf_phdrs(const struct elfhdr *elf_ex, 467 struct file *elf_file) 468 { 469 struct elf_phdr *elf_phdata = NULL; 470 int retval = -1; 471 unsigned int size; 472 473 /* 474 * If the size of this structure has changed, then punt, since 475 * we will be doing the wrong thing. 476 */ 477 if (elf_ex->e_phentsize != sizeof(struct elf_phdr)) 478 goto out; 479 480 /* Sanity check the number of program headers... */ 481 /* ...and their total size. */ 482 size = sizeof(struct elf_phdr) * elf_ex->e_phnum; 483 if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN) 484 goto out; 485 486 elf_phdata = kmalloc(size, GFP_KERNEL); 487 if (!elf_phdata) 488 goto out; 489 490 /* Read in the program headers */ 491 retval = elf_read(elf_file, elf_phdata, size, elf_ex->e_phoff); 492 493 out: 494 if (retval) { 495 kfree(elf_phdata); 496 elf_phdata = NULL; 497 } 498 return elf_phdata; 499 } 500 501 #ifndef CONFIG_ARCH_BINFMT_ELF_STATE 502 503 /** 504 * struct arch_elf_state - arch-specific ELF loading state 505 * 506 * This structure is used to preserve architecture specific data during 507 * the loading of an ELF file, throughout the checking of architecture 508 * specific ELF headers & through to the point where the ELF load is 509 * known to be proceeding (ie. SET_PERSONALITY). 510 * 511 * This implementation is a dummy for architectures which require no 512 * specific state. 513 */ 514 struct arch_elf_state { 515 }; 516 517 #define INIT_ARCH_ELF_STATE {} 518 519 /** 520 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header 521 * @ehdr: The main ELF header 522 * @phdr: The program header to check 523 * @elf: The open ELF file 524 * @is_interp: True if the phdr is from the interpreter of the ELF being 525 * loaded, else false. 526 * @state: Architecture-specific state preserved throughout the process 527 * of loading the ELF. 528 * 529 * Inspects the program header phdr to validate its correctness and/or 530 * suitability for the system. Called once per ELF program header in the 531 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its 532 * interpreter. 533 * 534 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load 535 * with that return code. 
536 */ 537 static inline int arch_elf_pt_proc(struct elfhdr *ehdr, 538 struct elf_phdr *phdr, 539 struct file *elf, bool is_interp, 540 struct arch_elf_state *state) 541 { 542 /* Dummy implementation, always proceed */ 543 return 0; 544 } 545 546 /** 547 * arch_check_elf() - check an ELF executable 548 * @ehdr: The main ELF header 549 * @has_interp: True if the ELF has an interpreter, else false. 550 * @interp_ehdr: The interpreter's ELF header 551 * @state: Architecture-specific state preserved throughout the process 552 * of loading the ELF. 553 * 554 * Provides a final opportunity for architecture code to reject the loading 555 * of the ELF & cause an exec syscall to return an error. This is called after 556 * all program headers to be checked by arch_elf_pt_proc have been. 557 * 558 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load 559 * with that return code. 560 */ 561 static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp, 562 struct elfhdr *interp_ehdr, 563 struct arch_elf_state *state) 564 { 565 /* Dummy implementation, always proceed */ 566 return 0; 567 } 568 569 #endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */ 570 571 static inline int make_prot(u32 p_flags, struct arch_elf_state *arch_state, 572 bool has_interp, bool is_interp) 573 { 574 int prot = 0; 575 576 if (p_flags & PF_R) 577 prot |= PROT_READ; 578 if (p_flags & PF_W) 579 prot |= PROT_WRITE; 580 if (p_flags & PF_X) 581 prot |= PROT_EXEC; 582 583 return arch_elf_adjust_prot(prot, arch_state, has_interp, is_interp); 584 } 585 586 /* This is much more generalized than the library routine read function, 587 so we keep this separate. Technically the library read function 588 is only provided so that we can read a.out libraries that have 589 an ELF header */ 590 591 static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, 592 struct file *interpreter, 593 unsigned long no_base, struct elf_phdr *interp_elf_phdata, 594 struct arch_elf_state *arch_state) 595 { 596 struct elf_phdr *eppnt; 597 unsigned long load_addr = 0; 598 int load_addr_set = 0; 599 unsigned long last_bss = 0, elf_bss = 0; 600 int bss_prot = 0; 601 unsigned long error = ~0UL; 602 unsigned long total_size; 603 int i; 604 605 /* First of all, some simple consistency checks */ 606 if (interp_elf_ex->e_type != ET_EXEC && 607 interp_elf_ex->e_type != ET_DYN) 608 goto out; 609 if (!elf_check_arch(interp_elf_ex) || 610 elf_check_fdpic(interp_elf_ex)) 611 goto out; 612 if (!interpreter->f_op->mmap) 613 goto out; 614 615 total_size = total_mapping_size(interp_elf_phdata, 616 interp_elf_ex->e_phnum); 617 if (!total_size) { 618 error = -EINVAL; 619 goto out; 620 } 621 622 eppnt = interp_elf_phdata; 623 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) { 624 if (eppnt->p_type == PT_LOAD) { 625 int elf_type = MAP_PRIVATE; 626 int elf_prot = make_prot(eppnt->p_flags, arch_state, 627 true, true); 628 unsigned long vaddr = 0; 629 unsigned long k, map_addr; 630 631 vaddr = eppnt->p_vaddr; 632 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set) 633 elf_type |= MAP_FIXED; 634 else if (no_base && interp_elf_ex->e_type == ET_DYN) 635 load_addr = -vaddr; 636 637 map_addr = elf_map(interpreter, load_addr + vaddr, 638 eppnt, elf_prot, elf_type, total_size); 639 total_size = 0; 640 error = map_addr; 641 if (BAD_ADDR(map_addr)) 642 goto out; 643 644 if (!load_addr_set && 645 interp_elf_ex->e_type == ET_DYN) { 646 load_addr = map_addr - ELF_PAGESTART(vaddr); 647 load_addr_set = 1; 648 } 649 650 /* 651 * Check to see if the section's size 
will overflow the 652 * allowed task size. Note that p_filesz must always be 653 * <= p_memsize so it's only necessary to check p_memsz. 654 */ 655 k = load_addr + eppnt->p_vaddr; 656 if (BAD_ADDR(k) || 657 eppnt->p_filesz > eppnt->p_memsz || 658 eppnt->p_memsz > TASK_SIZE || 659 TASK_SIZE - eppnt->p_memsz < k) { 660 error = -ENOMEM; 661 goto out; 662 } 663 664 /* 665 * Find the end of the file mapping for this phdr, and 666 * keep track of the largest address we see for this. 667 */ 668 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz; 669 if (k > elf_bss) 670 elf_bss = k; 671 672 /* 673 * Do the same thing for the memory mapping - between 674 * elf_bss and last_bss is the bss section. 675 */ 676 k = load_addr + eppnt->p_vaddr + eppnt->p_memsz; 677 if (k > last_bss) { 678 last_bss = k; 679 bss_prot = elf_prot; 680 } 681 } 682 } 683 684 /* 685 * Now fill out the bss section: first pad the last page from 686 * the file up to the page boundary, and zero it from elf_bss 687 * up to the end of the page. 688 */ 689 if (padzero(elf_bss)) { 690 error = -EFAULT; 691 goto out; 692 } 693 /* 694 * Next, align both the file and mem bss up to the page size, 695 * since this is where elf_bss was just zeroed up to, and where 696 * last_bss will end after the vm_brk_flags() below. 697 */ 698 elf_bss = ELF_PAGEALIGN(elf_bss); 699 last_bss = ELF_PAGEALIGN(last_bss); 700 /* Finally, if there is still more bss to allocate, do it. */ 701 if (last_bss > elf_bss) { 702 error = vm_brk_flags(elf_bss, last_bss - elf_bss, 703 bss_prot & PROT_EXEC ? VM_EXEC : 0); 704 if (error) 705 goto out; 706 } 707 708 error = load_addr; 709 out: 710 return error; 711 } 712 713 /* 714 * These are the functions used to load ELF style executables and shared 715 * libraries. There is no binary dependent code anywhere else. 716 */ 717 718 static int parse_elf_property(const char *data, size_t *off, size_t datasz, 719 struct arch_elf_state *arch, 720 bool have_prev_type, u32 *prev_type) 721 { 722 size_t o, step; 723 const struct gnu_property *pr; 724 int ret; 725 726 if (*off == datasz) 727 return -ENOENT; 728 729 if (WARN_ON_ONCE(*off > datasz || *off % ELF_GNU_PROPERTY_ALIGN)) 730 return -EIO; 731 o = *off; 732 datasz -= *off; 733 734 if (datasz < sizeof(*pr)) 735 return -ENOEXEC; 736 pr = (const struct gnu_property *)(data + o); 737 o += sizeof(*pr); 738 datasz -= sizeof(*pr); 739 740 if (pr->pr_datasz > datasz) 741 return -ENOEXEC; 742 743 WARN_ON_ONCE(o % ELF_GNU_PROPERTY_ALIGN); 744 step = round_up(pr->pr_datasz, ELF_GNU_PROPERTY_ALIGN); 745 if (step > datasz) 746 return -ENOEXEC; 747 748 /* Properties are supposed to be unique and sorted on pr_type: */ 749 if (have_prev_type && pr->pr_type <= *prev_type) 750 return -ENOEXEC; 751 *prev_type = pr->pr_type; 752 753 ret = arch_parse_elf_property(pr->pr_type, data + o, 754 pr->pr_datasz, ELF_COMPAT, arch); 755 if (ret) 756 return ret; 757 758 *off = o + step; 759 return 0; 760 } 761 762 #define NOTE_DATA_SZ SZ_1K 763 #define GNU_PROPERTY_TYPE_0_NAME "GNU" 764 #define NOTE_NAME_SZ (sizeof(GNU_PROPERTY_TYPE_0_NAME)) 765 766 static int parse_elf_properties(struct file *f, const struct elf_phdr *phdr, 767 struct arch_elf_state *arch) 768 { 769 union { 770 struct elf_note nhdr; 771 char data[NOTE_DATA_SZ]; 772 } note; 773 loff_t pos; 774 ssize_t n; 775 size_t off, datasz; 776 int ret; 777 bool have_prev_type; 778 u32 prev_type; 779 780 if (!IS_ENABLED(CONFIG_ARCH_USE_GNU_PROPERTY) || !phdr) 781 return 0; 782 783 /* load_elf_binary() shouldn't call us unless this is true... 
 */
	if (WARN_ON_ONCE(phdr->p_type != PT_GNU_PROPERTY))
		return -ENOEXEC;

	/* If the properties are crazy large, that's too bad (for now): */
	if (phdr->p_filesz > sizeof(note))
		return -ENOEXEC;

	pos = phdr->p_offset;
	n = kernel_read(f, &note, phdr->p_filesz, &pos);

	BUILD_BUG_ON(sizeof(note) < sizeof(note.nhdr) + NOTE_NAME_SZ);
	if (n < 0 || n < sizeof(note.nhdr) + NOTE_NAME_SZ)
		return -EIO;

	if (note.nhdr.n_type != NT_GNU_PROPERTY_TYPE_0 ||
	    note.nhdr.n_namesz != NOTE_NAME_SZ ||
	    strncmp(note.data + sizeof(note.nhdr),
		    GNU_PROPERTY_TYPE_0_NAME, n - sizeof(note.nhdr)))
		return -ENOEXEC;

	off = round_up(sizeof(note.nhdr) + NOTE_NAME_SZ,
		       ELF_GNU_PROPERTY_ALIGN);
	if (off > n)
		return -ENOEXEC;

	if (note.nhdr.n_descsz > n - off)
		return -ENOEXEC;
	datasz = off + note.nhdr.n_descsz;

	have_prev_type = false;
	do {
		ret = parse_elf_property(note.data, &off, datasz, arch,
					 have_prev_type, &prev_type);
		have_prev_type = true;
	} while (!ret);

	return ret == -ENOENT ? 0 : ret;
}

static int load_elf_binary(struct linux_binprm *bprm)
{
	struct file *interpreter = NULL; /* to shut gcc up */
	unsigned long load_bias = 0, phdr_addr = 0;
	int first_pt_load = 1;
	unsigned long error;
	struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
	struct elf_phdr *elf_property_phdata = NULL;
	unsigned long elf_bss, elf_brk;
	int bss_prot = 0;
	int retval, i;
	unsigned long elf_entry;
	unsigned long e_entry;
	unsigned long interp_load_addr = 0;
	unsigned long start_code, end_code, start_data, end_data;
	unsigned long reloc_func_desc __maybe_unused = 0;
	int executable_stack = EXSTACK_DEFAULT;
	struct elfhdr *elf_ex = (struct elfhdr *)bprm->buf;
	struct elfhdr *interp_elf_ex = NULL;
	struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
	struct mm_struct *mm;
	struct pt_regs *regs;

	retval = -ENOEXEC;
	/* First of all, some simple consistency checks */
	if (memcmp(elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
		goto out;

	if (elf_ex->e_type != ET_EXEC && elf_ex->e_type != ET_DYN)
		goto out;
	if (!elf_check_arch(elf_ex))
		goto out;
	if (elf_check_fdpic(elf_ex))
		goto out;
	if (!bprm->file->f_op->mmap)
		goto out;

	elf_phdata = load_elf_phdrs(elf_ex, bprm->file);
	if (!elf_phdata)
		goto out;

	elf_ppnt = elf_phdata;
	for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++) {
		char *elf_interpreter;

		if (elf_ppnt->p_type == PT_GNU_PROPERTY) {
			elf_property_phdata = elf_ppnt;
			continue;
		}

		if (elf_ppnt->p_type != PT_INTERP)
			continue;

		/*
		 * This is the program interpreter used for shared libraries -
		 * for now assume that this is an a.out format binary.
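		 * (The PT_INTERP contents are treated purely as a path below:
		 *  they are read from the file, checked for NUL termination,
		 *  and handed to open_exec(); only an ELF interpreter is
		 *  accepted by the later header checks.)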
879 */ 880 retval = -ENOEXEC; 881 if (elf_ppnt->p_filesz > PATH_MAX || elf_ppnt->p_filesz < 2) 882 goto out_free_ph; 883 884 retval = -ENOMEM; 885 elf_interpreter = kmalloc(elf_ppnt->p_filesz, GFP_KERNEL); 886 if (!elf_interpreter) 887 goto out_free_ph; 888 889 retval = elf_read(bprm->file, elf_interpreter, elf_ppnt->p_filesz, 890 elf_ppnt->p_offset); 891 if (retval < 0) 892 goto out_free_interp; 893 /* make sure path is NULL terminated */ 894 retval = -ENOEXEC; 895 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0') 896 goto out_free_interp; 897 898 interpreter = open_exec(elf_interpreter); 899 kfree(elf_interpreter); 900 retval = PTR_ERR(interpreter); 901 if (IS_ERR(interpreter)) 902 goto out_free_ph; 903 904 /* 905 * If the binary is not readable then enforce mm->dumpable = 0 906 * regardless of the interpreter's permissions. 907 */ 908 would_dump(bprm, interpreter); 909 910 interp_elf_ex = kmalloc(sizeof(*interp_elf_ex), GFP_KERNEL); 911 if (!interp_elf_ex) { 912 retval = -ENOMEM; 913 goto out_free_file; 914 } 915 916 /* Get the exec headers */ 917 retval = elf_read(interpreter, interp_elf_ex, 918 sizeof(*interp_elf_ex), 0); 919 if (retval < 0) 920 goto out_free_dentry; 921 922 break; 923 924 out_free_interp: 925 kfree(elf_interpreter); 926 goto out_free_ph; 927 } 928 929 elf_ppnt = elf_phdata; 930 for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++) 931 switch (elf_ppnt->p_type) { 932 case PT_GNU_STACK: 933 if (elf_ppnt->p_flags & PF_X) 934 executable_stack = EXSTACK_ENABLE_X; 935 else 936 executable_stack = EXSTACK_DISABLE_X; 937 break; 938 939 case PT_LOPROC ... PT_HIPROC: 940 retval = arch_elf_pt_proc(elf_ex, elf_ppnt, 941 bprm->file, false, 942 &arch_state); 943 if (retval) 944 goto out_free_dentry; 945 break; 946 } 947 948 /* Some simple consistency checks for the interpreter */ 949 if (interpreter) { 950 retval = -ELIBBAD; 951 /* Not an ELF interpreter */ 952 if (memcmp(interp_elf_ex->e_ident, ELFMAG, SELFMAG) != 0) 953 goto out_free_dentry; 954 /* Verify the interpreter has a valid arch */ 955 if (!elf_check_arch(interp_elf_ex) || 956 elf_check_fdpic(interp_elf_ex)) 957 goto out_free_dentry; 958 959 /* Load the interpreter program headers */ 960 interp_elf_phdata = load_elf_phdrs(interp_elf_ex, 961 interpreter); 962 if (!interp_elf_phdata) 963 goto out_free_dentry; 964 965 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */ 966 elf_property_phdata = NULL; 967 elf_ppnt = interp_elf_phdata; 968 for (i = 0; i < interp_elf_ex->e_phnum; i++, elf_ppnt++) 969 switch (elf_ppnt->p_type) { 970 case PT_GNU_PROPERTY: 971 elf_property_phdata = elf_ppnt; 972 break; 973 974 case PT_LOPROC ... PT_HIPROC: 975 retval = arch_elf_pt_proc(interp_elf_ex, 976 elf_ppnt, interpreter, 977 true, &arch_state); 978 if (retval) 979 goto out_free_dentry; 980 break; 981 } 982 } 983 984 retval = parse_elf_properties(interpreter ?: bprm->file, 985 elf_property_phdata, &arch_state); 986 if (retval) 987 goto out_free_dentry; 988 989 /* 990 * Allow arch code to reject the ELF at this point, whilst it's 991 * still possible to return an error to the code that invoked 992 * the exec syscall. 993 */ 994 retval = arch_check_elf(elf_ex, 995 !!interpreter, interp_elf_ex, 996 &arch_state); 997 if (retval) 998 goto out_free_dentry; 999 1000 /* Flush all traces of the currently running executable */ 1001 retval = begin_new_exec(bprm); 1002 if (retval) 1003 goto out_free_dentry; 1004 1005 /* Do this immediately, since STACK_TOP as used in setup_arg_pages 1006 may depend on the personality. 
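	   (STACK_TOP differs, for example, between native and compat
	   personalities on 64-bit architectures.)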
*/ 1007 SET_PERSONALITY2(*elf_ex, &arch_state); 1008 if (elf_read_implies_exec(*elf_ex, executable_stack)) 1009 current->personality |= READ_IMPLIES_EXEC; 1010 1011 const int snapshot_randomize_va_space = READ_ONCE(randomize_va_space); 1012 if (!(current->personality & ADDR_NO_RANDOMIZE) && snapshot_randomize_va_space) 1013 current->flags |= PF_RANDOMIZE; 1014 1015 setup_new_exec(bprm); 1016 1017 /* Do this so that we can load the interpreter, if need be. We will 1018 change some of these later */ 1019 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP), 1020 executable_stack); 1021 if (retval < 0) 1022 goto out_free_dentry; 1023 1024 elf_bss = 0; 1025 elf_brk = 0; 1026 1027 start_code = ~0UL; 1028 end_code = 0; 1029 start_data = 0; 1030 end_data = 0; 1031 1032 /* Now we do a little grungy work by mmapping the ELF image into 1033 the correct location in memory. */ 1034 for(i = 0, elf_ppnt = elf_phdata; 1035 i < elf_ex->e_phnum; i++, elf_ppnt++) { 1036 int elf_prot, elf_flags; 1037 unsigned long k, vaddr; 1038 unsigned long total_size = 0; 1039 unsigned long alignment; 1040 1041 if (elf_ppnt->p_type != PT_LOAD) 1042 continue; 1043 1044 if (unlikely (elf_brk > elf_bss)) { 1045 unsigned long nbyte; 1046 1047 /* There was a PT_LOAD segment with p_memsz > p_filesz 1048 before this one. Map anonymous pages, if needed, 1049 and clear the area. */ 1050 retval = set_brk(elf_bss + load_bias, 1051 elf_brk + load_bias, 1052 bss_prot); 1053 if (retval) 1054 goto out_free_dentry; 1055 nbyte = ELF_PAGEOFFSET(elf_bss); 1056 if (nbyte) { 1057 nbyte = ELF_MIN_ALIGN - nbyte; 1058 if (nbyte > elf_brk - elf_bss) 1059 nbyte = elf_brk - elf_bss; 1060 if (clear_user((void __user *)elf_bss + 1061 load_bias, nbyte)) { 1062 /* 1063 * This bss-zeroing can fail if the ELF 1064 * file specifies odd protections. So 1065 * we don't check the return value 1066 */ 1067 } 1068 } 1069 } 1070 1071 elf_prot = make_prot(elf_ppnt->p_flags, &arch_state, 1072 !!interpreter, false); 1073 1074 elf_flags = MAP_PRIVATE; 1075 1076 vaddr = elf_ppnt->p_vaddr; 1077 /* 1078 * The first time through the loop, first_pt_load is true: 1079 * layout will be calculated. Once set, use MAP_FIXED since 1080 * we know we've already safely mapped the entire region with 1081 * MAP_FIXED_NOREPLACE in the once-per-binary logic following. 1082 */ 1083 if (!first_pt_load) { 1084 elf_flags |= MAP_FIXED; 1085 } else if (elf_ex->e_type == ET_EXEC) { 1086 /* 1087 * This logic is run once for the first LOAD Program 1088 * Header for ET_EXEC binaries. No special handling 1089 * is needed. 1090 */ 1091 elf_flags |= MAP_FIXED_NOREPLACE; 1092 } else if (elf_ex->e_type == ET_DYN) { 1093 /* 1094 * This logic is run once for the first LOAD Program 1095 * Header for ET_DYN binaries to calculate the 1096 * randomization (load_bias) for all the LOAD 1097 * Program Headers. 1098 * 1099 * There are effectively two types of ET_DYN 1100 * binaries: programs (i.e. PIE: ET_DYN with INTERP) 1101 * and loaders (ET_DYN without INTERP, since they 1102 * _are_ the ELF interpreter). The loaders must 1103 * be loaded away from programs since the program 1104 * may otherwise collide with the loader (especially 1105 * for ET_EXEC which does not have a randomized 1106 * position). For example to handle invocations of 1107 * "./ld.so someprog" to test out a new version of 1108 * the loader, the subsequent program that the 1109 * loader loads must avoid the loader itself, so 1110 * they cannot share the same load range. 
Sufficient 1111 * room for the brk must be allocated with the 1112 * loader as well, since brk must be available with 1113 * the loader. 1114 * 1115 * Therefore, programs are loaded offset from 1116 * ELF_ET_DYN_BASE and loaders are loaded into the 1117 * independently randomized mmap region (0 load_bias 1118 * without MAP_FIXED nor MAP_FIXED_NOREPLACE). 1119 */ 1120 if (interpreter) { 1121 load_bias = ELF_ET_DYN_BASE; 1122 if (current->flags & PF_RANDOMIZE) 1123 load_bias += arch_mmap_rnd(); 1124 alignment = maximum_alignment(elf_phdata, elf_ex->e_phnum); 1125 if (alignment) 1126 load_bias &= ~(alignment - 1); 1127 elf_flags |= MAP_FIXED_NOREPLACE; 1128 } else 1129 load_bias = 0; 1130 1131 /* 1132 * Since load_bias is used for all subsequent loading 1133 * calculations, we must lower it by the first vaddr 1134 * so that the remaining calculations based on the 1135 * ELF vaddrs will be correctly offset. The result 1136 * is then page aligned. 1137 */ 1138 load_bias = ELF_PAGESTART(load_bias - vaddr); 1139 1140 /* 1141 * Calculate the entire size of the ELF mapping 1142 * (total_size), used for the initial mapping, 1143 * due to load_addr_set which is set to true later 1144 * once the initial mapping is performed. 1145 * 1146 * Note that this is only sensible when the LOAD 1147 * segments are contiguous (or overlapping). If 1148 * used for LOADs that are far apart, this would 1149 * cause the holes between LOADs to be mapped, 1150 * running the risk of having the mapping fail, 1151 * as it would be larger than the ELF file itself. 1152 * 1153 * As a result, only ET_DYN does this, since 1154 * some ET_EXEC (e.g. ia64) may have large virtual 1155 * memory holes between LOADs. 1156 * 1157 */ 1158 total_size = total_mapping_size(elf_phdata, 1159 elf_ex->e_phnum); 1160 if (!total_size) { 1161 retval = -EINVAL; 1162 goto out_free_dentry; 1163 } 1164 } 1165 1166 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, 1167 elf_prot, elf_flags, total_size); 1168 if (BAD_ADDR(error)) { 1169 retval = IS_ERR_VALUE(error) ? 1170 PTR_ERR((void*)error) : -EINVAL; 1171 goto out_free_dentry; 1172 } 1173 1174 if (first_pt_load) { 1175 first_pt_load = 0; 1176 if (elf_ex->e_type == ET_DYN) { 1177 load_bias += error - 1178 ELF_PAGESTART(load_bias + vaddr); 1179 reloc_func_desc = load_bias; 1180 } 1181 } 1182 1183 /* 1184 * Figure out which segment in the file contains the Program 1185 * Header table, and map to the associated memory address. 1186 */ 1187 if (elf_ppnt->p_offset <= elf_ex->e_phoff && 1188 elf_ex->e_phoff < elf_ppnt->p_offset + elf_ppnt->p_filesz) { 1189 phdr_addr = elf_ex->e_phoff - elf_ppnt->p_offset + 1190 elf_ppnt->p_vaddr; 1191 } 1192 1193 k = elf_ppnt->p_vaddr; 1194 if ((elf_ppnt->p_flags & PF_X) && k < start_code) 1195 start_code = k; 1196 if (start_data < k) 1197 start_data = k; 1198 1199 /* 1200 * Check to see if the section's size will overflow the 1201 * allowed task size. Note that p_filesz must always be 1202 * <= p_memsz so it is only necessary to check p_memsz. 1203 */ 1204 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz || 1205 elf_ppnt->p_memsz > TASK_SIZE || 1206 TASK_SIZE - elf_ppnt->p_memsz < k) { 1207 /* set_brk can never work. Avoid overflows. 
*/ 1208 retval = -EINVAL; 1209 goto out_free_dentry; 1210 } 1211 1212 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz; 1213 1214 if (k > elf_bss) 1215 elf_bss = k; 1216 if ((elf_ppnt->p_flags & PF_X) && end_code < k) 1217 end_code = k; 1218 if (end_data < k) 1219 end_data = k; 1220 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz; 1221 if (k > elf_brk) { 1222 bss_prot = elf_prot; 1223 elf_brk = k; 1224 } 1225 } 1226 1227 e_entry = elf_ex->e_entry + load_bias; 1228 phdr_addr += load_bias; 1229 elf_bss += load_bias; 1230 elf_brk += load_bias; 1231 start_code += load_bias; 1232 end_code += load_bias; 1233 start_data += load_bias; 1234 end_data += load_bias; 1235 1236 /* Calling set_brk effectively mmaps the pages that we need 1237 * for the bss and break sections. We must do this before 1238 * mapping in the interpreter, to make sure it doesn't wind 1239 * up getting placed where the bss needs to go. 1240 */ 1241 retval = set_brk(elf_bss, elf_brk, bss_prot); 1242 if (retval) 1243 goto out_free_dentry; 1244 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { 1245 retval = -EFAULT; /* Nobody gets to see this, but.. */ 1246 goto out_free_dentry; 1247 } 1248 1249 if (interpreter) { 1250 elf_entry = load_elf_interp(interp_elf_ex, 1251 interpreter, 1252 load_bias, interp_elf_phdata, 1253 &arch_state); 1254 if (!IS_ERR_VALUE(elf_entry)) { 1255 /* 1256 * load_elf_interp() returns relocation 1257 * adjustment 1258 */ 1259 interp_load_addr = elf_entry; 1260 elf_entry += interp_elf_ex->e_entry; 1261 } 1262 if (BAD_ADDR(elf_entry)) { 1263 retval = IS_ERR_VALUE(elf_entry) ? 1264 (int)elf_entry : -EINVAL; 1265 goto out_free_dentry; 1266 } 1267 reloc_func_desc = interp_load_addr; 1268 1269 allow_write_access(interpreter); 1270 fput(interpreter); 1271 1272 kfree(interp_elf_ex); 1273 kfree(interp_elf_phdata); 1274 } else { 1275 elf_entry = e_entry; 1276 if (BAD_ADDR(elf_entry)) { 1277 retval = -EINVAL; 1278 goto out_free_dentry; 1279 } 1280 } 1281 1282 kfree(elf_phdata); 1283 1284 set_binfmt(&elf_format); 1285 1286 #ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES 1287 retval = ARCH_SETUP_ADDITIONAL_PAGES(bprm, elf_ex, !!interpreter); 1288 if (retval < 0) 1289 goto out; 1290 #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */ 1291 1292 retval = create_elf_tables(bprm, elf_ex, interp_load_addr, 1293 e_entry, phdr_addr); 1294 if (retval < 0) 1295 goto out; 1296 1297 mm = current->mm; 1298 mm->end_code = end_code; 1299 mm->start_code = start_code; 1300 mm->start_data = start_data; 1301 mm->end_data = end_data; 1302 mm->start_stack = bprm->p; 1303 1304 if ((current->flags & PF_RANDOMIZE) && (snapshot_randomize_va_space > 1)) { 1305 /* 1306 * For architectures with ELF randomization, when executing 1307 * a loader directly (i.e. no interpreter listed in ELF 1308 * headers), move the brk area out of the mmap region 1309 * (since it grows up, and may collide early with the stack 1310 * growing down), and into the unused ELF_ET_DYN_BASE region. 1311 */ 1312 if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) && 1313 elf_ex->e_type == ET_DYN && !interpreter) { 1314 mm->brk = mm->start_brk = ELF_ET_DYN_BASE; 1315 } 1316 1317 mm->brk = mm->start_brk = arch_randomize_brk(mm); 1318 #ifdef compat_brk_randomized 1319 current->brk_randomized = 1; 1320 #endif 1321 } 1322 1323 if (current->personality & MMAP_PAGE_ZERO) { 1324 /* Why this, you ask??? Well SVr4 maps page 0 as read-only, 1325 and some applications "depend" upon this behavior. 1326 Since we do not have the power to recompile these, we 1327 emulate the SVr4 behavior. Sigh. 
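	   (The return value of this vm_mmap() is not checked; failing to
	   map page 0 is not treated as a fatal error here.)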
 */
		error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
				MAP_FIXED | MAP_PRIVATE, 0);
	}

	regs = current_pt_regs();
#ifdef ELF_PLAT_INIT
	/*
	 * The ABI may specify that certain registers be set up in special
	 * ways (on i386 %edx is the address of a DT_FINI function, for
	 * example). In addition, it may also specify (eg, PowerPC64 ELF)
	 * that the e_entry field is the address of the function descriptor
	 * for the startup routine, rather than the address of the startup
	 * routine itself. This macro performs whatever initialization to
	 * the regs structure is required as well as any relocations to the
	 * function descriptor entries when executing dynamically linked apps.
	 */
	ELF_PLAT_INIT(regs, reloc_func_desc);
#endif

	finalize_exec(bprm);
	START_THREAD(elf_ex, regs, elf_entry, bprm->p);
	retval = 0;
out:
	return retval;

	/* error cleanup */
out_free_dentry:
	kfree(interp_elf_ex);
	kfree(interp_elf_phdata);
out_free_file:
	allow_write_access(interpreter);
	if (interpreter)
		fput(interpreter);
out_free_ph:
	kfree(elf_phdata);
	goto out;
}

#ifdef CONFIG_USELIB
/* This is really simpleminded and specialized - we are loading an
   a.out library that is given an ELF header. */
static int load_elf_library(struct file *file)
{
	struct elf_phdr *elf_phdata;
	struct elf_phdr *eppnt;
	unsigned long elf_bss, bss, len;
	int retval, error, i, j;
	struct elfhdr elf_ex;

	error = -ENOEXEC;
	retval = elf_read(file, &elf_ex, sizeof(elf_ex), 0);
	if (retval < 0)
		goto out;

	if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
		goto out;

	/* First of all, some simple consistency checks */
	if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
	    !elf_check_arch(&elf_ex) || !file->f_op->mmap)
		goto out;
	if (elf_check_fdpic(&elf_ex))
		goto out;

	/* Now read in all of the header information */

	j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
	/* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */

	error = -ENOMEM;
	elf_phdata = kmalloc(j, GFP_KERNEL);
	if (!elf_phdata)
		goto out;

	eppnt = elf_phdata;
	error = -ENOEXEC;
	retval = elf_read(file, eppnt, j, elf_ex.e_phoff);
	if (retval < 0)
		goto out_free_ph;

	for (j = 0, i = 0; i < elf_ex.e_phnum; i++)
		if ((eppnt + i)->p_type == PT_LOAD)
			j++;
	if (j != 1)
		goto out_free_ph;

	while (eppnt->p_type != PT_LOAD)
		eppnt++;

	/* Now use mmap to map the library into memory.
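	 * The single PT_LOAD segment is mapped read/write/exec at its
	 * p_vaddr in one call; any bss beyond p_filesz is zeroed by
	 * padzero() and extended with vm_brk() below.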
*/ 1418 error = vm_mmap(file, 1419 ELF_PAGESTART(eppnt->p_vaddr), 1420 (eppnt->p_filesz + 1421 ELF_PAGEOFFSET(eppnt->p_vaddr)), 1422 PROT_READ | PROT_WRITE | PROT_EXEC, 1423 MAP_FIXED_NOREPLACE | MAP_PRIVATE, 1424 (eppnt->p_offset - 1425 ELF_PAGEOFFSET(eppnt->p_vaddr))); 1426 if (error != ELF_PAGESTART(eppnt->p_vaddr)) 1427 goto out_free_ph; 1428 1429 elf_bss = eppnt->p_vaddr + eppnt->p_filesz; 1430 if (padzero(elf_bss)) { 1431 error = -EFAULT; 1432 goto out_free_ph; 1433 } 1434 1435 len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr); 1436 bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr); 1437 if (bss > len) { 1438 error = vm_brk(len, bss - len); 1439 if (error) 1440 goto out_free_ph; 1441 } 1442 error = 0; 1443 1444 out_free_ph: 1445 kfree(elf_phdata); 1446 out: 1447 return error; 1448 } 1449 #endif /* #ifdef CONFIG_USELIB */ 1450 1451 #ifdef CONFIG_ELF_CORE 1452 /* 1453 * ELF core dumper 1454 * 1455 * Modelled on fs/exec.c:aout_core_dump() 1456 * Jeremy Fitzhardinge <jeremy@sw.oz.au> 1457 */ 1458 1459 /* An ELF note in memory */ 1460 struct memelfnote 1461 { 1462 const char *name; 1463 int type; 1464 unsigned int datasz; 1465 void *data; 1466 }; 1467 1468 static int notesize(struct memelfnote *en) 1469 { 1470 int sz; 1471 1472 sz = sizeof(struct elf_note); 1473 sz += roundup(strlen(en->name) + 1, 4); 1474 sz += roundup(en->datasz, 4); 1475 1476 return sz; 1477 } 1478 1479 static int writenote(struct memelfnote *men, struct coredump_params *cprm) 1480 { 1481 struct elf_note en; 1482 en.n_namesz = strlen(men->name) + 1; 1483 en.n_descsz = men->datasz; 1484 en.n_type = men->type; 1485 1486 return dump_emit(cprm, &en, sizeof(en)) && 1487 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) && 1488 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4); 1489 } 1490 1491 static void fill_elf_header(struct elfhdr *elf, int segs, 1492 u16 machine, u32 flags) 1493 { 1494 memset(elf, 0, sizeof(*elf)); 1495 1496 memcpy(elf->e_ident, ELFMAG, SELFMAG); 1497 elf->e_ident[EI_CLASS] = ELF_CLASS; 1498 elf->e_ident[EI_DATA] = ELF_DATA; 1499 elf->e_ident[EI_VERSION] = EV_CURRENT; 1500 elf->e_ident[EI_OSABI] = ELF_OSABI; 1501 1502 elf->e_type = ET_CORE; 1503 elf->e_machine = machine; 1504 elf->e_version = EV_CURRENT; 1505 elf->e_phoff = sizeof(struct elfhdr); 1506 elf->e_flags = flags; 1507 elf->e_ehsize = sizeof(struct elfhdr); 1508 elf->e_phentsize = sizeof(struct elf_phdr); 1509 elf->e_phnum = segs; 1510 } 1511 1512 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset) 1513 { 1514 phdr->p_type = PT_NOTE; 1515 phdr->p_offset = offset; 1516 phdr->p_vaddr = 0; 1517 phdr->p_paddr = 0; 1518 phdr->p_filesz = sz; 1519 phdr->p_memsz = 0; 1520 phdr->p_flags = 0; 1521 phdr->p_align = 4; 1522 } 1523 1524 static void fill_note(struct memelfnote *note, const char *name, int type, 1525 unsigned int sz, void *data) 1526 { 1527 note->name = name; 1528 note->type = type; 1529 note->datasz = sz; 1530 note->data = data; 1531 } 1532 1533 /* 1534 * fill up all the fields in prstatus from the given task struct, except 1535 * registers which need to be filled up separately. 
1536 */ 1537 static void fill_prstatus(struct elf_prstatus_common *prstatus, 1538 struct task_struct *p, long signr) 1539 { 1540 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr; 1541 prstatus->pr_sigpend = p->pending.signal.sig[0]; 1542 prstatus->pr_sighold = p->blocked.sig[0]; 1543 rcu_read_lock(); 1544 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent)); 1545 rcu_read_unlock(); 1546 prstatus->pr_pid = task_pid_vnr(p); 1547 prstatus->pr_pgrp = task_pgrp_vnr(p); 1548 prstatus->pr_sid = task_session_vnr(p); 1549 if (thread_group_leader(p)) { 1550 struct task_cputime cputime; 1551 1552 /* 1553 * This is the record for the group leader. It shows the 1554 * group-wide total, not its individual thread total. 1555 */ 1556 thread_group_cputime(p, &cputime); 1557 prstatus->pr_utime = ns_to_kernel_old_timeval(cputime.utime); 1558 prstatus->pr_stime = ns_to_kernel_old_timeval(cputime.stime); 1559 } else { 1560 u64 utime, stime; 1561 1562 task_cputime(p, &utime, &stime); 1563 prstatus->pr_utime = ns_to_kernel_old_timeval(utime); 1564 prstatus->pr_stime = ns_to_kernel_old_timeval(stime); 1565 } 1566 1567 prstatus->pr_cutime = ns_to_kernel_old_timeval(p->signal->cutime); 1568 prstatus->pr_cstime = ns_to_kernel_old_timeval(p->signal->cstime); 1569 } 1570 1571 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, 1572 struct mm_struct *mm) 1573 { 1574 const struct cred *cred; 1575 unsigned int i, len; 1576 unsigned int state; 1577 1578 /* first copy the parameters from user space */ 1579 memset(psinfo, 0, sizeof(struct elf_prpsinfo)); 1580 1581 len = mm->arg_end - mm->arg_start; 1582 if (len >= ELF_PRARGSZ) 1583 len = ELF_PRARGSZ-1; 1584 if (copy_from_user(&psinfo->pr_psargs, 1585 (const char __user *)mm->arg_start, len)) 1586 return -EFAULT; 1587 for(i = 0; i < len; i++) 1588 if (psinfo->pr_psargs[i] == 0) 1589 psinfo->pr_psargs[i] = ' '; 1590 psinfo->pr_psargs[len] = 0; 1591 1592 rcu_read_lock(); 1593 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent)); 1594 rcu_read_unlock(); 1595 psinfo->pr_pid = task_pid_vnr(p); 1596 psinfo->pr_pgrp = task_pgrp_vnr(p); 1597 psinfo->pr_sid = task_session_vnr(p); 1598 1599 state = READ_ONCE(p->__state); 1600 i = state ? ffz(~state) + 1 : 0; 1601 psinfo->pr_state = i; 1602 psinfo->pr_sname = (i > 5) ? '.' 
: "RSDTZW"[i]; 1603 psinfo->pr_zomb = psinfo->pr_sname == 'Z'; 1604 psinfo->pr_nice = task_nice(p); 1605 psinfo->pr_flag = p->flags; 1606 rcu_read_lock(); 1607 cred = __task_cred(p); 1608 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid)); 1609 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid)); 1610 rcu_read_unlock(); 1611 get_task_comm(psinfo->pr_fname, p); 1612 1613 return 0; 1614 } 1615 1616 static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) 1617 { 1618 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; 1619 int i = 0; 1620 do 1621 i += 2; 1622 while (auxv[i - 2] != AT_NULL); 1623 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); 1624 } 1625 1626 static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, 1627 const kernel_siginfo_t *siginfo) 1628 { 1629 copy_siginfo_to_external(csigdata, siginfo); 1630 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata); 1631 } 1632 1633 #define MAX_FILE_NOTE_SIZE (4*1024*1024) 1634 /* 1635 * Format of NT_FILE note: 1636 * 1637 * long count -- how many files are mapped 1638 * long page_size -- units for file_ofs 1639 * array of [COUNT] elements of 1640 * long start 1641 * long end 1642 * long file_ofs 1643 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL... 1644 */ 1645 static int fill_files_note(struct memelfnote *note, struct coredump_params *cprm) 1646 { 1647 unsigned count, size, names_ofs, remaining, n; 1648 user_long_t *data; 1649 user_long_t *start_end_ofs; 1650 char *name_base, *name_curpos; 1651 int i; 1652 1653 /* *Estimated* file count and total data size needed */ 1654 count = cprm->vma_count; 1655 if (count > UINT_MAX / 64) 1656 return -EINVAL; 1657 size = count * 64; 1658 1659 names_ofs = (2 + 3 * count) * sizeof(data[0]); 1660 alloc: 1661 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */ 1662 return -EINVAL; 1663 size = round_up(size, PAGE_SIZE); 1664 /* 1665 * "size" can be 0 here legitimately. 1666 * Let it ENOMEM and omit NT_FILE section which will be empty anyway. 1667 */ 1668 data = kvmalloc(size, GFP_KERNEL); 1669 if (ZERO_OR_NULL_PTR(data)) 1670 return -ENOMEM; 1671 1672 start_end_ofs = data + 2; 1673 name_base = name_curpos = ((char *)data) + names_ofs; 1674 remaining = size - names_ofs; 1675 count = 0; 1676 for (i = 0; i < cprm->vma_count; i++) { 1677 struct core_vma_metadata *m = &cprm->vma_meta[i]; 1678 struct file *file; 1679 const char *filename; 1680 1681 file = m->file; 1682 if (!file) 1683 continue; 1684 filename = file_path(file, name_curpos, remaining); 1685 if (IS_ERR(filename)) { 1686 if (PTR_ERR(filename) == -ENAMETOOLONG) { 1687 kvfree(data); 1688 size = size * 5 / 4; 1689 goto alloc; 1690 } 1691 continue; 1692 } 1693 1694 /* file_path() fills at the end, move name down */ 1695 /* n = strlen(filename) + 1: */ 1696 n = (name_curpos + remaining) - filename; 1697 remaining = filename - name_curpos; 1698 memmove(name_curpos, filename, n); 1699 name_curpos += n; 1700 1701 *start_end_ofs++ = m->start; 1702 *start_end_ofs++ = m->end; 1703 *start_end_ofs++ = m->pgoff; 1704 count++; 1705 } 1706 1707 /* Now we know exact count of files, can store it */ 1708 data[0] = count; 1709 data[1] = PAGE_SIZE; 1710 /* 1711 * Count usually is less than mm->map_count, 1712 * we need to move filenames down. 
1713 */ 1714 n = cprm->vma_count - count; 1715 if (n != 0) { 1716 unsigned shift_bytes = n * 3 * sizeof(data[0]); 1717 memmove(name_base - shift_bytes, name_base, 1718 name_curpos - name_base); 1719 name_curpos -= shift_bytes; 1720 } 1721 1722 size = name_curpos - (char *)data; 1723 fill_note(note, "CORE", NT_FILE, size, data); 1724 return 0; 1725 } 1726 1727 #include <linux/regset.h> 1728 1729 struct elf_thread_core_info { 1730 struct elf_thread_core_info *next; 1731 struct task_struct *task; 1732 struct elf_prstatus prstatus; 1733 struct memelfnote notes[]; 1734 }; 1735 1736 struct elf_note_info { 1737 struct elf_thread_core_info *thread; 1738 struct memelfnote psinfo; 1739 struct memelfnote signote; 1740 struct memelfnote auxv; 1741 struct memelfnote files; 1742 user_siginfo_t csigdata; 1743 size_t size; 1744 int thread_notes; 1745 }; 1746 1747 #ifdef CORE_DUMP_USE_REGSET 1748 /* 1749 * When a regset has a writeback hook, we call it on each thread before 1750 * dumping user memory. On register window machines, this makes sure the 1751 * user memory backing the register data is up to date before we read it. 1752 */ 1753 static void do_thread_regset_writeback(struct task_struct *task, 1754 const struct user_regset *regset) 1755 { 1756 if (regset->writeback) 1757 regset->writeback(task, regset, 1); 1758 } 1759 1760 #ifndef PRSTATUS_SIZE 1761 #define PRSTATUS_SIZE sizeof(struct elf_prstatus) 1762 #endif 1763 1764 #ifndef SET_PR_FPVALID 1765 #define SET_PR_FPVALID(S) ((S)->pr_fpvalid = 1) 1766 #endif 1767 1768 static int fill_thread_core_info(struct elf_thread_core_info *t, 1769 const struct user_regset_view *view, 1770 long signr, struct elf_note_info *info) 1771 { 1772 unsigned int note_iter, view_iter; 1773 1774 /* 1775 * NT_PRSTATUS is the one special case, because the regset data 1776 * goes into the pr_reg field inside the note contents, rather 1777 * than being the whole note contents. We fill the regset in here. 1778 * We assume that regset 0 is NT_PRSTATUS. 1779 */ 1780 fill_prstatus(&t->prstatus.common, t->task, signr); 1781 regset_get(t->task, &view->regsets[0], 1782 sizeof(t->prstatus.pr_reg), &t->prstatus.pr_reg); 1783 1784 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, 1785 PRSTATUS_SIZE, &t->prstatus); 1786 info->size += notesize(&t->notes[0]); 1787 1788 do_thread_regset_writeback(t->task, &view->regsets[0]); 1789 1790 /* 1791 * Each other regset might generate a note too. For each regset 1792 * that has no core_note_type or is inactive, skip it. 1793 */ 1794 note_iter = 1; 1795 for (view_iter = 1; view_iter < view->n; ++view_iter) { 1796 const struct user_regset *regset = &view->regsets[view_iter]; 1797 int note_type = regset->core_note_type; 1798 bool is_fpreg = note_type == NT_PRFPREG; 1799 void *data; 1800 int ret; 1801 1802 do_thread_regset_writeback(t->task, regset); 1803 if (!note_type) // not for coredumps 1804 continue; 1805 if (regset->active && regset->active(t->task, regset) <= 0) 1806 continue; 1807 1808 ret = regset_get_alloc(t->task, regset, ~0U, &data); 1809 if (ret < 0) 1810 continue; 1811 1812 if (WARN_ON_ONCE(note_iter >= info->thread_notes)) 1813 break; 1814 1815 if (is_fpreg) 1816 SET_PR_FPVALID(&t->prstatus); 1817 1818 fill_note(&t->notes[note_iter], is_fpreg ? 
"CORE" : "LINUX", 1819 note_type, ret, data); 1820 1821 info->size += notesize(&t->notes[note_iter]); 1822 note_iter++; 1823 } 1824 1825 return 1; 1826 } 1827 #else 1828 static int fill_thread_core_info(struct elf_thread_core_info *t, 1829 const struct user_regset_view *view, 1830 long signr, struct elf_note_info *info) 1831 { 1832 struct task_struct *p = t->task; 1833 elf_fpregset_t *fpu; 1834 1835 fill_prstatus(&t->prstatus.common, p, signr); 1836 elf_core_copy_task_regs(p, &t->prstatus.pr_reg); 1837 1838 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus), 1839 &(t->prstatus)); 1840 info->size += notesize(&t->notes[0]); 1841 1842 fpu = kzalloc(sizeof(elf_fpregset_t), GFP_KERNEL); 1843 if (!fpu || !elf_core_copy_task_fpregs(p, fpu)) { 1844 kfree(fpu); 1845 return 1; 1846 } 1847 1848 t->prstatus.pr_fpvalid = 1; 1849 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(*fpu), fpu); 1850 info->size += notesize(&t->notes[1]); 1851 1852 return 1; 1853 } 1854 #endif 1855 1856 static int fill_note_info(struct elfhdr *elf, int phdrs, 1857 struct elf_note_info *info, 1858 struct coredump_params *cprm) 1859 { 1860 struct task_struct *dump_task = current; 1861 const struct user_regset_view *view; 1862 struct elf_thread_core_info *t; 1863 struct elf_prpsinfo *psinfo; 1864 struct core_thread *ct; 1865 1866 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL); 1867 if (!psinfo) 1868 return 0; 1869 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo); 1870 1871 #ifdef CORE_DUMP_USE_REGSET 1872 view = task_user_regset_view(dump_task); 1873 1874 /* 1875 * Figure out how many notes we're going to need for each thread. 1876 */ 1877 info->thread_notes = 0; 1878 for (int i = 0; i < view->n; ++i) 1879 if (view->regsets[i].core_note_type != 0) 1880 ++info->thread_notes; 1881 1882 /* 1883 * Sanity check. We rely on regset 0 being in NT_PRSTATUS, 1884 * since it is our one special case. 1885 */ 1886 if (unlikely(info->thread_notes == 0) || 1887 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) { 1888 WARN_ON(1); 1889 return 0; 1890 } 1891 1892 /* 1893 * Initialize the ELF file header. 1894 */ 1895 fill_elf_header(elf, phdrs, 1896 view->e_machine, view->e_flags); 1897 #else 1898 view = NULL; 1899 info->thread_notes = 2; 1900 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS); 1901 #endif 1902 1903 /* 1904 * Allocate a structure for each thread. 1905 */ 1906 info->thread = kzalloc(offsetof(struct elf_thread_core_info, 1907 notes[info->thread_notes]), 1908 GFP_KERNEL); 1909 if (unlikely(!info->thread)) 1910 return 0; 1911 1912 info->thread->task = dump_task; 1913 for (ct = dump_task->signal->core_state->dumper.next; ct; ct = ct->next) { 1914 t = kzalloc(offsetof(struct elf_thread_core_info, 1915 notes[info->thread_notes]), 1916 GFP_KERNEL); 1917 if (unlikely(!t)) 1918 return 0; 1919 1920 t->task = ct->task; 1921 t->next = info->thread->next; 1922 info->thread->next = t; 1923 } 1924 1925 /* 1926 * Now fill in each thread's information. 1927 */ 1928 for (t = info->thread; t != NULL; t = t->next) 1929 if (!fill_thread_core_info(t, view, cprm->siginfo->si_signo, info)) 1930 return 0; 1931 1932 /* 1933 * Fill in the two process-wide notes. 
static void free_note_info(struct elf_note_info *info)
{
	struct elf_thread_core_info *threads = info->thread;
	while (threads) {
		unsigned int i;
		struct elf_thread_core_info *t = threads;
		threads = t->next;
		WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
		for (i = 1; i < info->thread_notes; ++i)
			kfree(t->notes[i].data);
		kfree(t);
	}
	kfree(info->psinfo.data);
	kvfree(info->files.data);
}

static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
			     elf_addr_t e_shoff, int segs)
{
	elf->e_shoff = e_shoff;
	elf->e_shentsize = sizeof(*shdr4extnum);
	elf->e_shnum = 1;
	elf->e_shstrndx = SHN_UNDEF;

	memset(shdr4extnum, 0, sizeof(*shdr4extnum));

	shdr4extnum->sh_type = SHT_NULL;
	shdr4extnum->sh_size = elf->e_shnum;
	shdr4extnum->sh_link = elf->e_shstrndx;
	shdr4extnum->sh_info = segs;
}
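/*
 * How a reader of the core file is expected to use the extra section
 * header written by fill_extnum_info() (a sketch based on the ELF gABI
 * extended-numbering convention; this file only produces the data):
 *
 *	if (ehdr.e_phnum == PN_XNUM)
 *		real_phnum = shdr[0].sh_info;	(shdr[0] lives at e_shoff)
 *	else
 *		real_phnum = ehdr.e_phnum;
 */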
/*
 * Actual dumper
 *
 * This is a two-pass process; first we find the offsets of the bits,
 * and then they are actually written out. If we hit the core size limit,
 * we just truncate.
 */
static int elf_core_dump(struct coredump_params *cprm)
{
	int has_dumped = 0;
	int segs, i;
	struct elfhdr elf;
	loff_t offset = 0, dataoff;
	struct elf_note_info info = { };
	struct elf_phdr *phdr4note = NULL;
	struct elf_shdr *shdr4extnum = NULL;
	Elf_Half e_phnum;
	elf_addr_t e_shoff;

	/*
	 * The number of segs is recorded in the ELF header as a 16-bit value.
	 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
	 */
	segs = cprm->vma_count + elf_core_extra_phdrs(cprm);

	/* for notes section */
	segs++;

	/*
	 * If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
	 * this, the kernel supports extended numbering. Have a look at
	 * include/linux/elf.h for further information.
	 */
	e_phnum = segs > PN_XNUM ? PN_XNUM : segs;

	/*
	 * Collect all the non-memory information about the process for the
	 * notes. This also sets up the file header.
	 */
	if (!fill_note_info(&elf, e_phnum, &info, cprm))
		goto end_coredump;

	has_dumped = 1;

	offset += sizeof(elf);				/* ELF header */
	offset += segs * sizeof(struct elf_phdr);	/* Program headers */

	/* Write notes phdr entry */
	{
		size_t sz = info.size;

		/* For cell spufs */
		sz += elf_coredump_extra_notes_size();

		phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
		if (!phdr4note)
			goto end_coredump;

		fill_elf_note_phdr(phdr4note, sz, offset);
		offset += sz;
	}

	dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);

	offset += cprm->vma_data_size;
	offset += elf_core_extra_data_size(cprm);
	e_shoff = offset;

	if (e_phnum == PN_XNUM) {
		shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
		if (!shdr4extnum)
			goto end_coredump;
		fill_extnum_info(&elf, shdr4extnum, e_shoff, segs);
	}

	/* From here on, offset tracks the file offset of each PT_LOAD's data. */
	offset = dataoff;

	if (!dump_emit(cprm, &elf, sizeof(elf)))
		goto end_coredump;

	if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
		goto end_coredump;

	/* Write program headers for the segment dumps */
	for (i = 0; i < cprm->vma_count; i++) {
		struct core_vma_metadata *meta = cprm->vma_meta + i;
		struct elf_phdr phdr;

		phdr.p_type = PT_LOAD;
		phdr.p_offset = offset;
		phdr.p_vaddr = meta->start;
		phdr.p_paddr = 0;
		phdr.p_filesz = meta->dump_size;
		phdr.p_memsz = meta->end - meta->start;
		offset += phdr.p_filesz;
		phdr.p_flags = 0;
		if (meta->flags & VM_READ)
			phdr.p_flags |= PF_R;
		if (meta->flags & VM_WRITE)
			phdr.p_flags |= PF_W;
		if (meta->flags & VM_EXEC)
			phdr.p_flags |= PF_X;
		phdr.p_align = ELF_EXEC_PAGESIZE;

		if (!dump_emit(cprm, &phdr, sizeof(phdr)))
			goto end_coredump;
	}

	if (!elf_core_write_extra_phdrs(cprm, offset))
		goto end_coredump;

	/* write out the notes section */
	if (!write_note_info(&info, cprm))
		goto end_coredump;

	/* For cell spufs */
	if (elf_coredump_extra_notes_write(cprm))
		goto end_coredump;

	/* Align to page */
	dump_skip_to(cprm, dataoff);

	for (i = 0; i < cprm->vma_count; i++) {
		struct core_vma_metadata *meta = cprm->vma_meta + i;

		if (!dump_user_range(cprm, meta->start, meta->dump_size))
			goto end_coredump;
	}

	if (!elf_core_write_extra_data(cprm))
		goto end_coredump;

	if (e_phnum == PN_XNUM) {
		if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
			goto end_coredump;
	}

end_coredump:
	free_note_info(&info);
	kfree(shdr4extnum);
	kfree(phdr4note);
	return has_dumped;
}

#endif		/* CONFIG_ELF_CORE */

static int __init init_elf_binfmt(void)
{
	register_binfmt(&elf_format);
	return 0;
}

static void __exit exit_elf_binfmt(void)
{
	/* Remove the ELF loader. */
	unregister_binfmt(&elf_format);
}

core_initcall(init_elf_binfmt);
module_exit(exit_elf_binfmt);

#ifdef CONFIG_BINFMT_ELF_KUNIT_TEST
#include "binfmt_elf_test.c"
#endif